Author Topic: Firewall?  (Read 4429 times)

SharpEnd

  • Full Member
  • ***
  • Posts: 102
Firewall?
« on: May 28, 2004, 11:30:29 pm »
Is there a way to run a firewall on the Zaurus?  Or is it necessary?
Let's say I'm on a public system, like t-mobile at $tarbuck$.  What
would keep someone else on the network from accessing my Z,
other than locking out the samba folder via chmod?
This would be a pain, as I'd have to change access rules anytime I
wanted to TCP/IP files with my notebook computer.

Mike
SL-C860 w/Cacko 1.23
Pretec CF wi-fi

cmisip

  • Sr. Member
  • ****
  • Posts: 256
    • http://home.mchsi.com/~cmisip/index.htm
Firewall?
« Reply #1 on: May 29, 2004, 12:33:14 am »
Shorewall for zaurus.  I use it at home to secure my wifi along with ipsec.  

http://cmisip.home.insightbb.com/index.htm
Zaurus 5600
Zynergy Rootfs 1.1
Custom zImage

How Do You Do That in Linux

evowan

  • Newbie
  • *
  • Posts: 32
Firewall?
« Reply #2 on: June 25, 2004, 09:40:57 am »
Quote
Shorewall for zaurus.  I use it at home to secure my wifi along with ipsec.  

http://cmisip.home.insightbb.com/index.htm
Hi,

Having trouble getting Shorewall running on the Z (Cacko 1.21a, C860). I've followed the instructions at the Shorewall link provided but when I try to start it up I get a number of messages, the first being -

iptables v1.2.9: can't initialize iptables table 'nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.


And several of the same but for tables 'mangle' and 'filter'.

I have su'ed to root before starting the shorewall script. Anyone have any ideas?

Tehas

  • Full Member
  • ***
  • Posts: 157
    • http://users.adelphia.net/~stonerrl/rick/
Firewall?
« Reply #3 on: June 26, 2004, 12:01:08 am »
I've been tweaking my inetd.conf file to close ports.
+SL-5600 v1.32 ROM (Special pre-emptive kernel with overclock)  +Viking 256CF  +SimpleTech 256CF  +Viking 128SD (as ext2)  +AmbiCom WL1100C +Micro Innovations KB  +Hawking Ethernet CF  
+SL6000L +Lexar 1GB SD (as ext2)  +Windows 98/Me/Nt/XP  +Mandrake 8.1 My Zaurus Page

cmisip

  • Sr. Member
  • ****
  • Posts: 256
    • http://home.mchsi.com/~cmisip/index.htm
Firewall?
« Reply #4 on: June 26, 2004, 01:53:41 am »
This url might be helpful

http://www.experts-exchange.com/Networking...Q_20464450.html

Did you try

modprobe iptable_nat

---------------------------
This is the output of my lsmod

root@zaurus:/etc/shorewall> lsmod
Module                  Size  Used by
ipt_TOS                 1152  12
ipt_state                736  32
ipt_REJECT              3472   4
iptable_mangle          2272   1
ip_nat_irc              2768   0  (unused)
ip_nat_ftp              3392   0  (unused)
iptable_nat            15520   2  [ip_nat_irc ip_nat_ftp]
ip_conntrack_irc        2800   0  (unused)
ip_conntrack_ftp        3888   0  (unused)
ip_conntrack           15744   4  [ipt_state ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]
iptable_filter          1840   1
ip_tables              13584   8  [ipt_TOS ipt_state ipt_REJECT iptable_mangle iptable_nat iptable_filter]
pxa_bi                 21328   0  (unused)
net_fd                 25024   1
usbdcore               34544   0  [pxa_bi net_fd]
usbdmonitor             5248   0
sharp_mmcsd_m          26256   2
ext3                   59760   1  (autoclean)
jbd                    39232   1  (autoclean)


--------------------
Perhaps iptables modules need to be compiled specific to your kernel config?
Zaurus 5600
Zynergy Rootfs 1.1
Custom zImage

How Do You Do That in Linux
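
An added example, not part of any post in this thread: a shell check for the point raised in Reply #4, that the modules behind the 'nat', 'mangle' and 'filter' tables named in the Reply #2 errors need to be loaded. The function names and the sample lsmod text are constructed for illustration; the iptable_<table> module names are taken from the lsmod listing above.

```shell
#!/bin/sh
# Added example, not from the thread. Table names (nat, mangle, filter) come
# from the iptables errors in Reply #2; the iptable_<table> module names match
# the lsmod listing in Reply #4. Function names are hypothetical.

# Constructed lsmod output: only the filter table module is loaded.
SAMPLE_LSMOD='Module                  Size  Used by
iptable_filter          1840   1
ip_tables              13584   1  [iptable_filter]
ext3                   59760   1  (autoclean)'

# missing_tables: read lsmod output on stdin and print, one per line, each
# table whose iptable_<table> module is not listed.
missing_tables() {
    # First column of every row except the "Module Size Used by" header.
    loaded=$(awk '$1 != "Module" { print $1 }')
    for table in nat mangle filter; do
        if ! printf '%s\n' "$loaded" | grep -qx "iptable_$table"; then
            echo "$table"
        fi
    done
}

# load_hints: turn the missing tables into the modprobe commands to try as root.
load_hints() {
    missing_tables | while read -r table; do
        echo "modprobe iptable_$table"
    done
}

# Run against the constructed sample by default, or the live system with --live.
if [ "${1:-}" = "--live" ]; then
    lsmod | load_hints
else
    printf '%s\n' "$SAMPLE_LSMOD" | load_hints
fi
```

Modules compiled into the kernel do not appear in lsmod, so a table reported here may still be available.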

tfraser

  • Newbie
  • *
  • Posts: 3
    • http://alum.wpi.edu
Firewall?
« Reply #5 on: November 26, 2005, 03:44:54 pm »
I've recently packaged up the simple iptables firewall I use on my Zaurus.  It doesn't require any configuration---basically prevents remote users from connecting to your Zaurus while allowing you to surf and use the cradle as usual.

Please see the Snowfence page for .ipk downloads and more information.
SL-6000L - Sharp ROM v1.12
128MB PNY CF
16MB Canon SD

speculatrix

  • Administrator
  • Hero Member
  • *****
  • Posts: 3707
Firewall?
« Reply #6 on: November 28, 2005, 04:58:54 pm »
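Here's a trivial firewall for your Z, create a file called /etc/rc.d/init.d/firewall and make it executable. Run it after rebooting.

#!/bin/bash

# Start from an empty INPUT chain and drop anything not explicitly accepted
iptables -F INPUT
iptables -P INPUT DROP
# Accept replies to connections the Zaurus itself opened
iptables -I INPUT -m state --state established,related -j ACCEPT
# Accept ICMP (ping and error messages)
iptables -I INPUT -p icmp           -j ACCEPT
# Accept inbound SSH
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# Accept UDP from source ports 67-68 (DHCP)
iptables -I INPUT -p udp --sport 67:68 -j ACCEPT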
Gemini 4G/Wi-Fi owner, formerly zaurus C3100 and 860 owner; also owner of an HTC Doubleshot, a Zaurus-like phone.